Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2019-20504 | OS Command Injection vulnerability in Quest Kace Systems Management service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | 9.8 |
| 2020-03-09 | CVE-2016-11021 | OS Command Injection vulnerability in Dlink Dcs-930L Firmware setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. | 7.2 |
| 2020-03-08 | CVE-2020-10221 | OS Command Injection vulnerability in Rconfig lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | 8.8 |
| 2020-03-07 | CVE-2020-10216 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-07 | CVE-2020-10215 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-07 | CVE-2020-10213 | OS Command Injection vulnerability in multiple products An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. | 8.8 |
| 2020-03-05 | CVE-2019-17642 | OS Command Injection vulnerability in Centreon An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. | 8.8 |
| 2020-03-05 | CVE-2020-10173 | OS Command Injection vulnerability in Comtrend Vr-3033 Firmware De11416Ssgc01R02.A2Pvi042J1.D26M Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi. | 8.8 |
| 2020-03-05 | CVE-2019-20501 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter. | 7.8 |
| 2020-03-05 | CVE-2019-20500 | OS Command Injection vulnerability in Dlink Dwl-2600Ap Firmware 4.2.0.15 D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | 7.8 |